Merge pull request #290 from JamieHunter/main
Add fixes to cryptoauthlib to support Java PKCS11 requirements, to support Greengrass V2
bryan-hunt committed Apr 13, 2022
2 parents 50a11b1 + 6457c1c commit c6e9d55
Showing 3 changed files with 22 additions and 7 deletions.
10 changes: 5 additions & 5 deletions lib/pkcs11/pkcs11_key.c
Expand Up @@ -513,12 +513,12 @@ const pkcs11_attrib_model pkcs11_key_private_attributes[] = {
{ CKA_SIGN_RECOVER, NULL_PTR },
/** CK_TRUE if key supports unwrapping (i.e., can be used to unwrap other keys)9 */
{ CKA_UNWRAP, NULL_PTR },
/** CK_TRUE if key is extractable and can be wrapped 9 */
{ CKA_EXTRACTABLE, NULL_PTR },
/** CK_TRUE if key is extractable and can be wrapped */
{ CKA_EXTRACTABLE, pkcs11_attrib_false },
/** CK_TRUE if key has always had the CKA_SENSITIVE attribute set to CK_TRUE */
{ CKA_ALWAYS_SENSITIVE, pkcs11_token_get_access_type },
/** CK_TRUE if key has never had the CKA_EXTRACTABLE attribute set to CK_TRUE */
{ CKA_NEVER_EXTRACTABLE, NULL_PTR },
{ CKA_NEVER_EXTRACTABLE, pkcs11_token_get_access_type },
/** CK_TRUE if the key can only be wrapped with a wrapping key that has CKA_TRUSTED set to CK_TRUE. Default is CK_FALSE. */
{ CKA_WRAP_WITH_TRUSTED, NULL_PTR },
/** For wrapping keys. The attribute template to match against any keys
Expand Down Expand Up @@ -639,11 +639,11 @@ const pkcs11_attrib_model pkcs11_key_secret_attributes[] = {
/** CK_TRUE if key supports unwrapping (i.e., can be used to unwrap other keys) */
{ CKA_UNWRAP, NULL_PTR },
/** CK_TRUE if key is extractable and can be wrapped */
{ CKA_EXTRACTABLE, NULL_PTR },
{ CKA_EXTRACTABLE, pkcs11_attrib_false },
/** CK_TRUE if key has always had the CKA_SENSITIVE attribute set to CK_TRUE */
{ CKA_ALWAYS_SENSITIVE, pkcs11_token_get_access_type },
/** CK_TRUE if key has never had the CKA_EXTRACTABLE attribute set to CK_TRUE */
{ CKA_NEVER_EXTRACTABLE, NULL_PTR },
{ CKA_NEVER_EXTRACTABLE, pkcs11_token_get_access_type },
/** Key checksum */
{ CKA_CHECK_VALUE, pkcs11_key_get_check_value },
/** CK_TRUE if the key can only be wrapped with a wrapping key that has CKA_TRUSTED set to CK_TRUE. Default is CK_FALSE. */
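Review bot: In `pkcs11_key_private_attributes`, `CKA_EXTRACTABLE` is now the constant `pkcs11_attrib_false` while `CKA_NEVER_EXTRACTABLE` is computed by `pkcs11_token_get_access_type`, so the two answers come from different sources and can disagree. That handler's body is not on this page; if it can report CK_FALSE for some slot, a caller that gates key-protection policy on these attributes sees "not extractable" next to "was extractable at some point". The unconditional CK_FALSE also overstates protection if any slot configuration permits the key material to be read out. I would derive both values from the same slot-configuration check, or state the assumption at each entry, e.g. `/* Reported as CK_FALSE unconditionally; confirm no slot configuration allows key readout */`. The same pairing is repeated in the second hunk for `pkcs11_key_secret_attributes`.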
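--- a/lib/pkcs11/pkcs11_signature.c
+++ b/lib/pkcs11/pkcs11_signature.c
@@ -148,6 +148,21 @@ CK_RV pkcs11_signature_sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_UL
 return pkcs11_util_convert_rv(status);
 }
 }
+else
+{
+switch (pSession->active_mech)
+{
+case CKM_SHA256_HMAC:
+*pulSignatureLen = ATCA_SHA256_DIGEST_SIZE;
+break;
+case CKM_ECDSA:
+*pulSignatureLen = ATCA_SIG_SIZE;
+break;
+default:
+status = ATCA_GEN_FAIL;
+break;
+}
+}
 }
 else
 {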
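Review bot: The `default:` arm of the new `switch` sets `status = ATCA_GEN_FAIL` but leaves `*pulSignatureLen` untouched, so for any mechanism other than `CKM_SHA256_HMAC` or `CKM_ECDSA` the caller keeps whatever length it passed in. Whether `status` is converted and returned after this block is outside the hunk; if it is not, the call would report success with a stale size that the caller may then use to size its signature buffer. I would clear the output and fail explicitly, `default: *pulSignatureLen = 0; status = ATCA_GEN_FAIL; break;`. A comment above the `else` such as `/* No output buffer supplied: report the required signature length only */` would also help, once that reading of the branch is confirmed against the enclosing condition. pkcs11_signature_sign starts and ends outside the hunk.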
4 changes: 2 additions & 2 deletions lib/pkcs11/pkcs11_token.c
Expand Up @@ -428,8 +428,8 @@ CK_RV pkcs11_token_get_info(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
pInfo->ulMinPinLen = 0;
pInfo->flags = CKF_RNG;// | CKF_LOGIN_REQUIRED;

pInfo->ulMaxSessionCount = 1;
pInfo->ulMaxRwSessionCount = 1;
pInfo->ulMaxSessionCount = PKCS11_MAX_SESSIONS_ALLOWED;
pInfo->ulMaxRwSessionCount = PKCS11_MAX_SESSIONS_ALLOWED;

pInfo->ulSessionCount = (slot_ctx->session) ? TRUE : FALSE;
pInfo->ulRwSessionCount = (slot_ctx->session) ? TRUE : FALSE;
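Review bot: `ulMaxSessionCount` and `ulMaxRwSessionCount` now advertise `PKCS11_MAX_SESSIONS_ALLOWED`, but the two lines below still report `ulSessionCount` and `ulRwSessionCount` as `(slot_ctx->session) ? TRUE : FALSE`, i.e. 0 or 1. If more than one session can be open on a slot, the token info under-reports usage, and an application that compares the current count with the maximum before opening another session gets a wrong answer. Either count the sessions bound to this slot or report the value as unknown, `pInfo->ulSessionCount = CK_UNAVAILABLE_INFORMATION;` (and likewise for `ulRwSessionCount`). pkcs11_token_get_info continues outside the hunk.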
